[Esa-l]Re: Sircam virus filter
Floyd Pierce
floydp at boxusa.com
Thu Aug 2 05:28:33 PDT 2001
Why is a users mailbox filled up if the messages are poisoned? The
only mailbox at risk on my system would be mine from the SECURITY
WARNING messages :-(
Of course we only are getting 10 SirCam's a day. Not bad for a
thousand users.
--
Floyd Pierce | Director of Information Technology
Phone 847-790-2830 (IL) | Box USA
Phone 817-783-2355 (TX) | floydp at boxusa.com
Fax 847-790-2880 | floyd at floydbob.com
> -----Original Message-----
> From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com]On
> Behalf Of Juan Manuel Calvo
> Sent: Thursday, August 02, 2001 7:19 AM
> To: jhardin at impsec.org
> Cc: esa-l at spconnect.com
> Subject: Re: [Esa-l]Re: Sircam virus filter
>
>
> > On Wed, 1 Aug 2001, Juan Manuel Calvo wrote:
> >
> > > I have found a very simple solution to the Sircam problem. Your
> > > procmail sanitizer allows defang the attachment but the users
> > > receives the email.
> >
> > Not if you poison *.bat *.pif *.lnk and *.com - is there really any
> > reason to be accepting these sort of attachments from random people
> > out on the Internet?
>
> I'm poisonig all executable extensions but Sircam fills the user
> mailboxes,
> some of my users get over a hundred infected messages overnight,
> mailbox strikes the quota and loose or delay more important messages.
>
> >
> > > I have added the following lines in my /etc/procmailrc BEFORE
> > > the sanitizer:
> > >
> >
> > That's a signature-based defense. What if SirCam mutates a little?
>
> Your sanitizer will poison the attachment, my users will have to clean
> your mailboxes and loose some messages, and I'll have to change de
> signature,
> not a real danger.
>
> --
> Ing. Juan Manuel Calvo |TE: +54-11-4314-2269
> Director del Centro de Computos |FAX:+54-11-4314-1654
> Universidad Del CEMA |
> Cordoba 374 (1054) Capital Federal, Argentina| http://www.cema.edu.ar
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l
More information about the esd-l
mailing list